svn commit: r463283 - head/security/vuxml
Jason E. Hale
jhale at FreeBSD.org
Thu Mar 1 06:49:20 UTC 2018
Author: jhale
Date: Thu Mar 1 06:49:19 2018
New Revision: 463283
URL: https://svnweb.freebsd.org/changeset/ports/463283
Log:
Document vulnerability in audio/libsndfile and audio/linux-c[6|7]-libsndfile
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Mar 1 06:41:55 2018 (r463282)
+++ head/security/vuxml/vuln.xml Thu Mar 1 06:49:19 2018 (r463283)
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="004debf9-1d16-11e8-b6aa-4ccc6adda413">
+ <topic>libsndfile -- out-of-bounds read memory access</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <name>linux-c6-libsndfile</name>
+ <name>linux-c7-libsndfile</name>
+ <range><le>1.0.28</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Laurent Delosieres, Secunia Research at Flexera Software reports:</p>
+ <blockquote cite="https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/">
+ <p>Secunia Research has discovered a vulnerability in libsndfile, which can be
+ exploited by malicious people to disclose potentially sensitive information.
+ The vulnerability is caused due to an error in the "aiff_read_chanmap()" function
+ (src/aiff.c), which can be exploited to cause an out-of-bounds read memory access
+ via a specially crafted AIFF file. The vulnerability is confirmed in version 1.0.28.
+ Other versions may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6892</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2017-6892</url>
+ <url>https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/</url>
+ <url>https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748</url>
+ </references>
+ <dates>
+ <discovery>2017-05-23</discovery>
+ <entry>2018-03-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="af485ef4-1c58-11e8-8477-d05099c0ae8c">
<topic>ntp -- multiple vulnerabilities</topic>
<affects>
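Review bot: In the new `<affects>` block, the single `<range><le>1.0.28</le></range>` is applied to libsndfile, linux-c6-libsndfile and linux-c7-libsndfile together, while the only fix listed under `<references>` is an upstream commit, not a release. The entry therefore relies on each of the three packages having picked up that patch in a revision that sorts above 1.0.28 (a PORTREVISION bump such as 1.0.28_1 would). Suggest confirming that for each package and, where the first fixed revision differs between them, splitting into separate `<package>` elements with an `<lt>` bound at that fixed revision, so the range is stated by the first fixed version and not by the last version known to be vulnerable.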